Rock Phish Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (21)

Langue

en	8
pl	4
it	4
de	4
ru	2

De campagne

us	22

Acteurs

Rock Phish	1

Intérêt

Taper

Not Defined	8
Document Reader Software	2
Multimedia Player Software	2
Anti-Malware Software	2

Fournisseur

Russcom Network	2
Not Defined	2
Adobe	2
Apple	2
DZCP	2

Produit

Russcom Network Loginphp	2
Pligg	2
Adobe Acrobat Reader	2
Apple QuickTime	2
DZCP deV!L`z Clanportal	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	DZCP deV!L`z Clanportal config.php elévation de privilèges	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.70	CVE-2010-0966
2	Pligg cloud.php sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.59
3	Tiki Admin Password tiki-login.php authentification faible	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00936	2.96	CVE-2020-15906
4	Dragon Path Bharti Airtel Routers Hardware BDT-121 Admin Page cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00053	0.04	CVE-2022-28507
5	SourceCodester Kortex Lite Advocate Office Management System register_case.php sql injection	4.7	4.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00045	0.22	CVE-2024-3621
6	Adobe Acrobat Reader buffer overflow	6.3	5.5	$25k-$100k	$0-$5k	Unproven	Official Fix	0.29503	0.02	CVE-2014-9159
7	Apple QuickTime buffer overflow	10.0	9.5	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.06113	0.02	CVE-2011-3249
8	zephyrproject-rtos RNDIS USB Device buffer overflow	7.8	7.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00081	0.03	CVE-2021-3861
9	Lenze cabinet c520/cabinet c550/cabinet c750 Password Verification Remote Code Execution	9.8	9.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00336	0.04	CVE-2022-2302
10	SonicWALL AntiSpam / EMail Security Appliance MTA Queue Report Module reports_mta_queue_status.html cross site scripting	8.0	7.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.02
11	Magic Photo Storage Website register.php elévation de privilèges	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.02
12	Russcom Network Loginphp register.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.00677	0.02	CVE-2006-2160
13	Linux Kernel FXSAVE x87 Register chiffrement faible	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00101	0.05	CVE-2006-1056
14	WordPress wp-register.php cross site scripting	4.3	4.2	$5k-$25k	$0-$5k	High	Unavailable	0.00322	0.00	CVE-2007-5105

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Campagnes	Identified	Taper	Confiance
1	81.16.131.40		Rock Phish		19/06/2022	verified	Élevé
2	XXX.XX.XXX.XX		Xxxx Xxxxx		19/06/2022	verified	Élevé

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classe	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Élevé
2	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Élevé
3	TXXXX	CAPEC-122	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
4	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
5	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Élevé

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/control/register_case.php	predictive	Élevé
2	File	cloud.php	predictive	Moyen
3	File	inc/config.php	predictive	Élevé
4	File	xxxxxxxx.xxx	predictive	Moyen
5	File	xxxxxxx_xxx_xxxxx_xxxxxx.xxxx	predictive	Élevé
6	File	xxxx-xxxxx.xxx	predictive	Élevé
7	File	xxxx/xxxxxxxx.xxx	predictive	Élevé
8	File	xx-xxxxxxxx.xxx	predictive	Élevé
9	Argument	xxxxxxxx	predictive	Moyen
10	Argument	xxxxxxxxxx	predictive	Moyen
11	Argument	xxxxxxxx	predictive	Moyen
12	Argument	xxxxx/xxxx_xx/xxxxxx_xxxx/xxxxx/xxxx_xxxx/xxxx_xxxxx/xxxxx_xxxx/xxxxxxxxxxx/xxxxxxx_xxxx/xxxxxxx_xxxx/xxxxxxxx_xxxxxx/xxxxx_xxxx/xxxxxx	predictive	Élevé
13	Argument	xxxxx	predictive	Faible
14	Argument	xxxx_xxxxx	predictive	Moyen
15	Argument	_xxxxxx[xxxx_xxxx]	predictive	Élevé

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!